Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 2 Zone Files. Objective Understand the idea of a zone and how it relates to a domain name understand zone file structure Understand the major Resource.

Published byNatalie Ross Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 2 Zone Files. Objective Understand the idea of a zone and how it relates to a domain name understand zone file structure Understand the major Resource."— Presentation transcript:

1 Module 2 Zone Files

2 Objective Understand the idea of a zone and how it relates to a domain name understand zone file structure Understand the major Resource Record (RRs) used to create zone files Understand IPv4 Reverse Mapping Understand which zone files are required

3 DNS – Zone Files Domain = Zone Textual descriptions of various Resource Records (RRs) that describe the domain, such as Name Servers, Mail Servers, Services and hosts and Directives Forward mapping translates a name into an IP address or a secondary name Reverse Mapping translates an IP address into a name The Authoritative server for the Domain (Zone) loads the zone files

4 DNS Zone File ; IPv4 zone file for example.com $TTL 2d ; default TTL for zone $ORIGIN example.com. ; base domain-name ; Start of Authority record defining the key characteristics of the zone (domain) @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; se = serial number 12h ; ref = refresh 15m ; ret = update retry 3w ; ex = expiry 2h ; min = minimum ) ; name servers Resource Records for the domain IN NS ns1.example.com. ; the second name server is ; external to this zone (domain). IN NS ns2.example.net. ; mail server Resource Records for the zone (domain) 3w IN MX 10 mail.example.com. ; the second mail server has lower priority and is ; external to the zone (domain) IN MX 20 mail.example.net. ; domain hosts includes NS and MX records defined previously ; plus any others required ns1 IN A 192.168.254.2 mail IN A 192.168.254.4 joe IN A 192.168.254.6 www IN A 192.168.254.7 ; aliases ftp (ftp server) to an external location ftp IN CNAME ftp.example.net.

5 DNS - Forward Mapping SOA RR defines the Apex of the zone and general properties NS RRs define the Name Servers (DNS) which are authoritative MX RRs define the mail servers CNAME RRs define aliases A (IPv4) and AAAA (IPv6) define IP addresses TXT RRs are general records (SPF) example.com

6 RRs – Generic Format name or label identifies the record externally, for instance, www ttl (Time-to-Live) defines how long the RR may be cached in seconds class = IN = Internet type of RR, for example, MX One or more type-specific parameters TTL and Class can be omitted name ttl class type parameters

7 Zone Directives All start with $ $TTL time-in-seconds default Time-to-Live for the zone in seconds $ORIGIN FQDN. Base domain (zone) name $INCLUDE file-name Include another file here Comments start with ;

8 $TTL Zone Directive The default Time-to-Live in seconds if no TTL value on the RR 172800 = 2 days Takes short forms in BIND m, h, d, w 172800 = 2d or 48h $TTL 1d2h3m = 93780 Must appear before any RR (first)

9 DNS - TTL Only used by caching name servers (resolvers) Slave uses SOA parameters Determines the time the RR can held in a cache before being refreshed Value in seconds (think in hours) 0 = never cache (dangerous) Determines DNS change propagation time

10 $ORIGIN Directive Defines a label (name) that will be used to substitute all non-FQDN names Parameter must be an FQDN terminates with a dot $ORIGIN example.com. Optional - defaults to zone name Usage illustrated later

11 DNS Zone File ; IPv4 zone file for example.com $TTL 2d ; default TTL for zone $ORIGIN example.com. ; base domain-name ; Start of Authority record defining the key characteristics of the zone (domain) @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; se = serial number 12h ; ref = refresh 15m ; ret = update retry 3w ; ex = expiry 2h ; min = minimum ) ; name servers Resource Records for the domain IN NS ns1.example.com. ; the second name server is ; external to this zone (domain). IN NS ns2.example.net. ; mail server Resource Records for the zone (domain) 3w IN MX 10 mail.example.com. ; the second mail server has lower priority and is ; external to the zone (domain) IN MX 20 mail.example.net. ; domain hosts includes NS and MX records defined previously ; plus any others required ns1 IN A 192.168.254.2 mail IN A 192.168.254.4 joe IN A 192.168.254.6 www IN A 192.168.254.7 ; aliases ftp (ftp server) to an external location ftp IN CNAME ftp.example.net.

12 File layout rules Comments begin with ; Parameters continued in parenthesis () ; IPv4 zone file for example.com @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; se = serial number 12h ; ref = refresh 15m ; ret = update retry 3w ; ex = expiry 2h ; min = minimum ) Name @ = $ORIGIN Blank or TAB = last label or $ORIGIN

13 DNS – Substitution Rule If any name (label) in a zone file is not an FQDN the last value of $ORIGIN will be appended to the end of the name (label).

14 DNS - SOA RR SOA defines the start of the zone and must be first non-directive entry pmns = Primary Master Name Server One of the authoritative name servers OR if DDNS is used it defines the NS which will be updated Spec. name is MNAME SOA pmns mail sn refresh retry expiry min

15 DNS - SOA RR mail = mailbox of DNS administrator or tech contact Format is all dot separated (@ is used) hostmaster.example.com (recommended) = hosthaster@example.com Can be very important Spec name is RNAME SOA pmns mail sn refresh retry expiry min

16 DNS - SOA RR sn = serial number of zone contents Arbitrary 10 digit number (4294967295) Usage typically YYYYMMDDSS YYYY = year, MM = month DD = day, SS = sequence number MUST increment every time zone contents change Slave reads SOA and compares serial number SOA pmns mail sn refresh retry expiry min

17 DNS - SOA RR refresh = time after which Slave will start to refresh zone from Master (AXFR, IXFR) retry = time between failed attempts to fresh zone expiry = time after which Slave will not respond to zone requests if Master not accessed min = time NXDOMAIN (no name) may be cached (max 3 hours) SOA pmns mail sn refresh retry expiry min

18 DNS – SOA Example @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; se = serial number 12h ; ref = refresh 15m ; ret = update retry 3w ; ex = expiry 2h ; min = nxdomain ttl )

19 DNS – SOA Example $ORIGIN example.com. @ IN SOA ns1 hostmaster ( 2003080800 ; se = serial number 12h ; ref = refresh 15m ; ret = update retry 3w ; ex = expiry 2h ; min = nxdomain ttl )

20 DNS - NS RR NS RRs list all name servers for the domain At zone apex for this zone Minimum of two In-zone servers will need A or AAAA RRs name = name of an internal or external name server that is authoritative for this domain NS RRs appear in the zone (authoritative) and the parent (point of delegation – not authoritative) NS name

21 DNS – NS RRs ; name servers Resource Records for the domain IN NS ns1.example.com. ; could have been ; IN NS ns1 ; the second name server is ; external to this zone (domain). IN NS ns2.example.net.

22 DNS – NS RRs $ORIGIN example.com. ; name servers Resource Records for the domain IN NS ns1.example.com. ; missing dot IN NS ns1.example.com ; looks for ns1.example.com.example.com.

23 DNS - MX RR MX RRs list all incoming mail servers for the domain Defined at zone apex for this zone One or more priority = relative priority of defined server (low is most important). Value = 0 – 65535 name = name of an internal or external mail server for this domain In-zone servers will have A or AAAA RRs MX priority name

24 DNS – MX RRs ; mail server Resource Records for the zone (domain) 3w IN MX 10 mail.example.com. ; the second mail server has lower priority and is ; external to the zone (domain) - backup IN MX 20 mail.example.net. 3w = TTL Priority 10 simply means you can add a more important mail server with only one change

25 DNS - A RR A RRs list all visible hosts for the zone (domain). Must include the in-zone NS and MX RRs plus others IPv4-address = standard dotted quad address (address not a name) A IPv4-address

26 DNS - AAAA RR AAAA RRs list all visible IPv6 hosts for the zone (domain). Mixed with A RRs Both A and AAAA if dual stacked IPv6-address = standard colon separated address (address not a name) AAAA IPv6-address

27 DNS – A RRs ; domain hosts includes NS and MX records defined ;previously plus any others required ns1 IN A 192.168.254.2 mail IN A 192.168.254.4 joe IN A 192.168.254.6 www IN A 192.168.254.7

28 DNS - CNAME RR CNAME RRs maps an alias name to a canonical (real) name (A or AAAA RRs) May point to a host name in-zone or out-of-zone canonical-name = real name of host CNAME costs extra access Alternate is to use multiple A or AAAA RRs CNAME canonical-name

29 DNS – CNAME RRs ; aliases ftp (ftp server) to an external location ftp IN CNAME ftp.example.net. ; very common use of CNAME mail IN A 192.168.2.3 www IN CNAME mail ; alternate – functionally identical mail IN A 192.168.2.3 www IN A 192.168.2.3

30 DNS - TXT RRs TXT RRs may be used to contain any text Externally visible Used to define Sender Profile (SPF) RRs (now also SPF RR) Used to define DKIM RRs text = enclosed in quotes TXT text

31 DNS – TXT RRs ; uses of TXT ftp IN CNAME ftp.example.net. IN TXT “Supports FTP and SFTP” mail IN A 192.168.0.18 mail IN TXT “ v=spf1 ip4:192.168.0.3/27 –all ” ; DKIM TXT RR mail._domainkey IN TXT "v=DKIM1;t=s;p=blah....blah;" ; ADSP TXT RR _adsp._domainkey IN TXT "dkim=discardable;"

32 DNS – Reverse Mapping Maps an IP address to a name Domain name hierarchy is right to left – www.example.com IP address hierarchy is left to right 192.168.0.1 Solution Remove last digit (192.168.0) Invert number (0.168.192) Append in-addr.arpa (0.168.192.in-addr.arpa) Define.1 (and others) in zone file with PTR RR

33 DNS – Reverse Mapping

34 DNS – Reverse Zone File ; simple reverse mapping zone file for example.com $TTL 2d ; default TTL for zone $ORIGIN 254.168.192.IN-ADDR.ARPA. ; Start of Authority record defining the key characteristics of the zone (domain) @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; sn = serial number 12h ; refresh 15m ; retry 3w ; expiry 2h ; min = minimum ) ; name servers Resource Records for the domain IN NS ns1.example.com. ; the second name server is ; external to this zone (domain). IN NS ns2.anotherdomain.com. ; PTR RR maps an IPv4 address to a host name 2 IN PTR ns1.example.com...... 4 IN PTR mail.example.com...... 16 IN PTR joe.example.com. 17 IN PTR www.example.com.....

35 DNS - PTR RRs PTR RRs maps a name to a name Both left and right hand expressions are names – needs $ORIGIN Right hand name must be FQDN PTR is used for both IPv4 and IPv6 Separate zone files for IPv4 and IPv6 because of domain name Reverse map domain for IPv6 is ip6.arpa Generally only a single IP mapped to a name name PTR name

36 DNS – PTR RR $ORIGIN 254.168.192.IN-ADDR.ARPA.... ; PTR RR maps an IPv4 address to a host name 2 IN PTR ns1.example.com...... 4 IN PTR mail.example.com...... 16 IN PTR joe.example.com. 1 IN PTR www.example.com. ; could be written as 17. 254.168.192.IN-ADDR.ARPA. IN PTR www.example.com.... ; missing dot 1 IN PTR bill.example.com ; maps to bill.example.com.254.168.192.IN-ADDR.ARPA.....

37 DNS – Reverse Mapping IPv4 Optional Used especially by mail systems to do reverse lookup (essential) IPv6 Optional (originally Mandatory) Local IP address reverse map

38 Zone File – Best Practice Comment file – changes made Always include $ORIGIN $ORIGIN is optional defaulted to name of zone bad practice – non-self documenting Use consistent style FQDN on right names, or left names or both

39 Required Zone Files Depends on name server function Forward and reverse map for localhost zone Forward domain = localhost Reverse map 0.0.127.in-addr.arpa Hints file if caching server – points to root-servers Reverse map private IPs (192.168.x, 10.x.x, 172.16.x)

40 Hints (Root) Zone file ; ; last update: Jan 29, 2004 ; related version of root zone: 2004012900 ; ; formerly NS.INTERNIC.NET ;. 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 …

41 Local Host Forward Map $TTL 86400 ; 24 hours could have been written as 24h or 1d $ORIGIN localhost. @ 1D IN SOA @ hostmaster ( 2004022401 ; serial 12h; refresh 15m ; retry 1w ; expiry 3h ; minimum ) @ 1D IN NS @ ; localhost is the name server 1D IN A 127.0.0.1 ; always returns the loop-back address

42 Alternate Format $TTL 1d ; $ORIGIN localhost. localhost. IN SOA localhost. hostmaster.localhost. ( 2002022401 ; serial 3H ; refresh 15M ; retry 1w ; expire 3h ; minimum ) localhost. IN NS localhost. ; localhost is the name server localhost. IN A 127.0.0.1 ; the loop-back address

43 Localhost Reverse Map $TTL 86400 ; 24 hours ; could use $ORIGIN 0.0.127.IN-ADDR.ARPA. @ IN SOA localhost. hostmaster.localhost. ( 1997022700 ; Serial 3h ; Refresh 15 ; Retry 1w ; Expire 3h ) ; Minimum IN NS localhost. 1 IN PTR localhost.

44 Quick Quiz What RR defines a mail server? What is the first record in a zone file? What does the $ORIGIN directive do? How does the slave know to transfer zone? What is a PTR RR used for? What value defines how long an RR can be cached?

Download ppt "Module 2 Zone Files. Objective Understand the idea of a zone and how it relates to a domain name understand zone file structure Understand the major Resource."

Similar presentations

Module 7 Advanced Zone Files.

Module 7 Advanced Zone Files.
Domain Name System (DNS) Name resolution for both small and large networks Host names IP Addresses Like a phone book, but stores more information Older.

Domain Name System (DNS) Name resolution for both small and large networks Host names IP Addresses Like a phone book, but stores more information Older.
Web Server Administration

Web Server Administration
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Web Server Administration Chapter 4 Name Resolution.

Web Server Administration Chapter 4 Name Resolution.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
February 2003slideset 1 Writing Zone Files Olaf M. Kolkman

February 2003slideset 1 Writing Zone Files Olaf M. Kolkman
Copyright © 2007 by Scott Orr and the Trustees of Indiana University

Copyright © 2007 by Scott Orr and the Trustees of Indiana University
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
DNS server & Client Objectives Contents

DNS server & Client Objectives Contents
1 Guide To TCP/IP Domain Name System. 2 DNS – TCP/IP Application Protocol Name resolution protocol - robust, reliable & stable Distributed database technology.

1 Guide To TCP/IP Domain Name System. 2 DNS – TCP/IP Application Protocol Name resolution protocol - robust, reliable & stable Distributed database technology.
DNS Domain name server – a server to translate IP aliases to addresses As you know, IP (internet protocol) works by providing every Internet machine with.

DNS Domain name server – a server to translate IP aliases to addresses As you know, IP (internet protocol) works by providing every Internet machine with.
DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.

DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
The Domain Name System Unix System Administration Download PowerPoint Presentation.

The Domain Name System Unix System Administration Download PowerPoint Presentation.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
Module 12: Domain Name System (DNS)

Module 12: Domain Name System (DNS)

Similar presentations

Ads by Google